Post on 29-Aug-2019
transcript
Focusing on Binding and Computation
Dan Licata
Joint work with Noam Zeilberger and Robert Harper
Carnegie Mellon University
Programming with Proofs
• Represent syntax, judgements, and proofs
• Reason about them via computation
1
Programming with Proofs
• Represent syntax, judgements, and proofs⊲ Binding and scope!
• Reason about them via computation⊲ Structural induction modulo α-equivalence
. . .2
Programming with Proofs
• Represent syntax, judgements, and proofs⊲ Binding and scope!
• Reason about them via computation⊲ Structural induction modulo α-equivalence
Logical frameworks: abstractions facilitating these tasks
. . .2
Programming with Proofs
• Represent syntax, judgements, and proofs⊲ Binding and scope!
• Reason about them via computation⊲ Structural induction modulo α-equivalence
Logical frameworks: abstractions facilitating these tasks
What theory of inference rules?
2
Derivability
A true⊢B true(A ⊃ B) true
• J1 ⊢ J2: derive J2, using a new axiom concluding J1
• Does not circumscribe J1
• Structural properties:substitution, weakening, exchange, contraction
3
Admissibility
P (0) true P (1) true . . .
∀x : N.P (x) true i.e.n : N |= P (n) true
∀x : N.P (x) true
• J1 |= J2: if J1 is derivable then J2 is derivable(implication in metalogic)
• Does circumscribe J1
e.g. by distinguishing all possible cases on n : N
4
Admissibility
Side conditions:
l 6∈ M
(M, l) →֒ error i.e.(l ∈ M) |=⊥
(M, l) →֒ error
Iterated inductive definitions:
path(x, y, n) (path(x, y,m) |= m ≥ n)
shortestPath(x, y, n)
5
Evidence
1. Evidence for admissibility J1 |= J2:Open-ended: any transformation from J1 to J2
Called computational functions (cf. Coq, NuPRL)
. . .6
Evidence
1. Evidence for admissibility J1 |= J2:Open-ended: any transformation from J1 to J2
Called computational functions (cf. Coq, NuPRL)
2. Evidence for derivability J1 ⊢ J2:• a uniform function: may not analyze J1
• application = substitution
• accounts for syntax with variable binding
Called representational functions (cf. LF)
6
Focusing on Binding and Computation
This work:
A single (simply-typed) logical framework supportingboth binding and computation.
• Two functions spaces:representational arrow ⇒ for derivabilitycomputational arrow → for admissibility
• Inference rules can freely mix them
7
Representational Arrow
Intro: (λ u.V ) : P ⇒ A
⊲ V a value of type A
⊲ u is a scoped datatype constructor for P
Examples of P ⇒ P :λ u. u
λ u. c u (if c : (P ⇒ P) )
Elim: Pattern matching
case (e :P ⇒ P) of λ u. u 7→ e1
| λ u. c u 7→ e2
...8
Outline
What?
• Motivating example
• Structural properties
How?
• Polarity of ⇒
• Higher-order focusing for intuitionistic logic
• Computational open-endedness of inversion
9
Outline
What?
• Motivating example
• Structural properties
How?
• Polarity of ⇒
• Higher-order focusing for intuitionistic logic
• Computational open-endedness of inversion
10
Example: Arithmetic Expressions
Language of arithmetic expressions:e ::= num[k]
| let x = e1 in e2
. . .11
Example: Arithmetic Expressions
Language of arithmetic expressions:e ::= num[k]
| let x = e1 in e2
| e1 + e2
. . .11
Example: Arithmetic Expressions
Language of arithmetic expressions:e ::= num[k]
| let x = e1 in e2
| e1 + e2
| e1 ∗ e2
. . .11
Example: Arithmetic Expressions
Language of arithmetic expressions:e ::= num[k]
| let x = e1 in e2
| e1 + e2
| e1 ∗ e2
| e1 − e2
. . .11
Example: Arithmetic Expressions
Language of arithmetic expressions:e ::= num[k]
| let x = e1 in e2
| e1 + e2
| e1 ∗ e2
| e1 − e2
| e1 div e2
. . .11
Example: Arithmetic Expressions
Language of arithmetic expressions:e ::= num[k]
| let x = e1 in e2
| e1 + e2
| e1 ∗ e2
| e1 − e2
| e1 div e2
| e1 mod e2
. . .11
Example: Arithmetic Expressions
Language of arithmetic expressions:e ::= num[k]
| let x = e1 in e2
| e1 + e2
| e1 ∗ e2
| e1 − e2
| e1 div e2
| e1 mod e2
| e1 pow e2
. . .11
Example: Arithmetic Expressions
Language of arithmetic expressions:e ::= num[k]
| let x = e1 in e2
| e1 + e2
| e1 ∗ e2
| e1 − e2
| e1 div e2
| e1 mod e2
| e1 pow e2
Suppose we want to treat binops unformly
11
Example: Arithmetic Expressions
Language of arithmetic expressions:e ::= num[k]
| let x = e1 in e2
| e1 ⊙f e2
Represent binops generically by
f : nat → nat → nat
12
Example: Arithmetic Expressions
e ::= num[k]
| let x = e1 in e2
| e1 ⊙f e2
Represent in our framework as type ari with constructors:
num : ari ⇐ nat
let : ari ⇐ ari⇐ (ari ⇒ ari)
binop : ari ⇐ ari⇐ (nat → nat → nat)⇐ ari
13
Example: Arithmetic Expressions
e ::= num[k]
| let x = e1 in e2
| e1 ⊙f e2
Represent in our framework as type ari with constructors:
num : ari ⇐ nat
let : ari ⇐ ari⇐ (ari ⇒ ari)
binop : ari ⇐ ari⇐ (nat → nat → nat)⇐ ari
Uses representational function for let
14
Example: Arithmetic Expressions
e ::= num[k]
| let x = e1 in e2
| e1 ⊙f e2
Represent in our framework as type ari with constructors:
num : ari ⇐ nat
let : ari ⇐ ari⇐ (ari ⇒ ari)
binop : ari ⇐ ari⇐ (nat → nat → nat)⇐ ari
Uses computational function for binop
15
Example: Evaluator
ev : ari → nat
ev (num p) 7→ p
ev (binop p1 f p2 ) 7→ f (ev p1 ) (ev p2 )
ev (let p0 (λ u. p)) 7→ ev (apply (λ u. p) p0 )
. . .16
Example: Evaluator
ev : ari → nat
ev (num p) 7→ p
ev (binop p1 f p2 ) 7→ f (ev p1 ) (ev p2 )
ev (let p0 (λ u. p)) 7→ ev (apply (λ u. p) p0 )
apply a representational function by substitution:
apply : (P ⇒ A) → (P → A)
16
Outline
What?
• Motivating example
• Structural properties
How?
• Polarity of ⇒
• Higher-order focusing for intuitionistic logic
• Computational open-endedness of inversion
17
Structural Properties
• Properties of derivability judgement J1 ⊢ J2:
apply : (P ⇒ A) → (P → A)
weaken :A → (P ⇒ A)
• “Free” in LF: all rules are pure
May fail if rules mix derivability and admissibility!
18
Counterexample to Weakening
weaken :A → (P ⇒ A)
Counterexample:
plus : nat → nat → nat
defined by recursion on nat.
Cannot weaken to nat ⇒ nat → nat → nat:would introduce a new case for plus
19
Our Solution
⇒ eliminated by pattern-matching:
• No commitment to apply, weaken
• But structural properties are definable for all LF rules,and in many other cases. E.g.
weaken :A → (P ⇒ A)
if P does not occur to the left of computational arrow
• Implement as a datatype-generic program
20
Outline
What?
• Motivating example
• Structural properties
How?
• Polarity of ⇒
• Higher-order focusing for intuitionistic logic
• Computational open-endedness of inversion
21
Intro vs. Elim
Sums A ⊕ B :
• Introduced by choosing inl or inr
• Eliminated by pattern-matching
Computational functions A → B :
• Introduced by pattern-matching on A
• Eliminated by choosing an A to apply it to
22
Positive vs. Negative Polarity [Girard ’93]
Sums A ⊕ B are positive:
• Introduced by choosing inl or inr
• Eliminated by pattern-matching
Computational functions A → B are negative:
• Introduced by pattern-matching on A
• Eliminated by choosing an A to apply it to
23
Focus vs. Inversion [Andreoli ’92]
Sums A ⊕ B are positive:
• Introduced by choosing inl or inr
• Eliminated by pattern-matching
Computational functions A → B are negative:
• Introduced by pattern-matching on A
• Eliminated by choosing an A to apply it to
. . .24
Focus vs. Inversion [Andreoli ’92]
Sums A ⊕ B are positive:
• Introduced by choosing inl or inr
• Eliminated by pattern-matching
Computational functions A → B are negative:
• Introduced by pattern-matching on A
• Eliminated by choosing an A to apply it to
Focus = make choices
24
Focus vs. Inversion [Andreoli ’92]
Sums A ⊕ B are positive:
• Introduced by choosing inl or inr
• Eliminated by pattern-matching
Computational functions A → B are negative:
• Introduced by pattern-matching on A
• Eliminated by choosing an A to apply it to
. . .25
Focus vs. Inversion [Andreoli ’92]
Sums A ⊕ B are positive:
• Introduced by choosing inl or inr
• Eliminated by pattern-matching
Computational functions A → B are negative:
• Introduced by pattern-matching on A
• Eliminated by choosing an A to apply it to
Inversion = respond to all possible choices
25
Representational Functions are Positive
• Specified by intro: λ u.V
• Eliminated by pattern matching:
case (e :P ⇒ A) of {(λ u. p) 7→ e}
where p is in an extended rule context
26
Outline
What?
• Motivating example
• Structural properties
How?
• Polarity of ⇒
• Higher-order focusing for intuitionistic logic
• Computational open-endedness of inversion
27
Higher-order Focusing
1. Specify a type by its patterns
2. Type-independent focusing framework:
• Focus phase = choose a pattern
• Inversion phase = pattern matching
See Zeilberger [APAL] for classical logicand Zeilberger [POPL08] for positive half of IL
28
Sequent Calculus Judgements
Type-specific:
• Constructor patterns ∆ ° p :: C +
and destructor patterns ∆ ° n :: C - > C +
Focusing framework:
• Positive focus Γ ⊢ v+ :: C +
and inversion Γ ⊢ k+ : C+0
> C +
• Negative focus Γ ⊢ k - :: C- > C +
and inversion Γ ⊢ v - : C -
• Neutral sequents Γ ⊢ e : C +
and substitutions Γ ⊢ σ : ∆
29
Sequent Calculus Judgements
Type-specific:
• Constructor patterns ∆ ° p :: C +
and destructor patterns ∆ ° n :: C - > C +
Focusing framework:
• Positive focus Γ ⊢ v+ :: C +
and inversion Γ ⊢ k+ : C+0
> C +
• Negative focus Γ ⊢ k - :: C- > C +
and inversion Γ ⊢ v - : C -
• Neutral sequents Γ ⊢ e : C +
and substitutions Γ ⊢ σ : ∆
30
Sequent Calculus Judgements
Judgements relative to inference rule context Ψ:
R ::= P ⇐ A+1· · · ⇐ A+
n
Ψ ::= · | Ψ, u :R
Natural numbers:
Ψnat = zero : nat
succ : nat ⇐ nat
Cf. definitional reflection [Schroeder-Heister/Hallnäs]
31
Sequent Calculus Judgements
Assumptions and conclusions are contextual :Track the free variables of a term in its type
[cf. Contextual Modal Type Theory and FOλ∆∇]
Γ, ∆ ::= · | ∆, x :C -
C- ::= 〈Ψ〉A-
C+ ::= 〈Ψ〉A+
32
Constructor Patterns: ∆ ° p :: 〈Ψ〉A+
A+ ::= ↓A- | P | R ⇒ A+
A- ::= A+ → B - | ↑A+
x : 〈Ψ〉A- ° x :: 〈Ψ〉 ↓A-
34
Constructor Patterns: ∆ ° p :: 〈Ψ〉A+
u :P ⇐ A+1· · · ⇐ A+
n ∈ Ψ
∆1 ° p1 :: 〈Ψ〉A+1
...∆n ° pn :: 〈Ψ〉A+
n
∆1, . . . , ∆n ° u p1 . . . pn :: 〈Ψ〉P
35
Constructor Patterns: ∆ ° p :: 〈Ψ〉A+
∆ ° p :: 〈Ψ, u :R〉A+
∆ ° λ u. p :: 〈Ψ〉R ⇒ A+
• R ⇒ A+ binds a scoped datatype constructor
• Can pattern-match through a λ
• “Shocking” type isomorphisms:
R ⇒ (A+ ⊕ B+) ∼= (R ⇒ A+) ⊕ (R ⇒ B+)
36
Positive Focus: Γ ⊢ v + :: C +
∆ ° p :: C + Γ ⊢ σ : ∆
Γ ⊢ p [σ] :: C +
• Positive value is pattern p with substitution σ
• σ substitutes negative values v -/x for x :C - ∈ ∆
38
Positive Inversion: Γ ⊢ k + : C+ > D+
∀(∆ ° p :: C +). Γ, ∆ ⊢ φ(p) : D+
Γ ⊢ cont+(φ) : C+ > D+
• Positive continuation is a case-analysis
• Higher-order: specified by meta-level function
φ = {p 7→ e, . . .}
from patterns to expressions
39
Cut Admissibility
Theorem
1. Positive cut: If Γ ⊢ v+ :: C + and Γ ⊢ k+ : C+ > D+ thenΓ ⊢ v+ • k+ : D+
2. Negative cut: If Γ ⊢ v - : C - and Γ ⊢ k - :: C- > D+ thenthen Γ ⊢ v - • k - : D+
3. Substitution: If Γ, ∆ ⊢ J and Γ ⊢ σ : ∆ then Γ ⊢ J [σ]
40
Cut Admissibility
Procedure is independent of connectivesE.g. for positive cut:
∆ ° p :: C + Γ ⊢ σ : ∆
Γ ⊢ p [σ] :: C +
∀(∆ ° p :: C +). Γ, ∆ ⊢ φ(p) : D+
Γ ⊢ cont+(φ) : C+ > D+
(p [σ]) • cont+(φ) = φ(p) [σ]
. . .41
Cut Admissibility
Procedure is independent of connectivesE.g. for positive cut:
∆ ° p :: C + Γ ⊢ σ : ∆
Γ ⊢ p [σ] :: C +
∀(∆ ° p :: C +). Γ, ∆ ⊢ φ(p) : D+
Γ ⊢ cont+(φ) : C+ > D+
(p [σ]) • cont+(φ) = φ(p) [σ]
Termination depends on subformula property
41
Outline
What?
• Motivating example
• Structural properties
How?
• Polarity of ⇒
• Higher-order focusing for intuitionistic logic
• Computational open-endedness of inversion
42
Computational Open-endedness
Inversion may have infinitely many cases:
· ⊢ cont+(φ) : 〈Ψari〉 ari > 〈Ψari〉 nat
In extension:
• φ must give one case for each ari expression, except
• bind variables in ∆ for → functions from binop
Any method of presenting φ is acceptable!
43
Computational Open-endedness
1. May present φ as function in existing proof-assistant,reusing its pattern coverage checker• Opportunity for datatype-generic programs
Agda implementation on the Web!
2. Or design a traditional finitary syntax (future work)
3. Theory accounts for “foreign-function interface” toexisting tools
44
Related Work
Our approach is different than
• LF/Twelf, because we permit computation in data
• FOλ∆∇, because ⇒ introduces a fresh inferencerule, not a fresh individual
• nominal logic, because we don’t separate namegeneration from name binding (therefore no effects)
45
Related Work
Our approach is different than
• dependent de Bruijn indices, because structuralproperties are implemented type-generically
• weak HOAS / hybrid approaches, because werepresent binding as positive data—can patternmatch through ⇒
46
Conclusion
What?
• Simply-typed framework for rules that mix ⇒ and →
⊲ Future work: dependency on data, computation
• Structural properties implemented generically,under certain conditions
How?
• Higher-order focusing
• Contextual hypotheses and conclusions
47
Constructor Patterns
A+ ::= A+ ⊕ B+ | A+ ⊗ B+ | ↓A- | X +
∆ ° c :: A+
∆ ° inl c :: A+ ⊕ B+∆ ° c :: B+
∆ ° inr c :: A+ ⊕ B+
∆1 ° c1 :: A+ ∆2 ° c2 :: B+
∆1, ∆2 ° (c1 , c2 ) :: A+ ⊗ B+
x :A- ° x :: ↓A- x :X + ° x :: X +
51
Destructor Patterns
A- ::= ↑A+ | A+ → B - | A-NB -
γ ::= A+ | X -
· ° ǫ :: ↑A+ > A+ · ° ǫ :: X - > X -
∆1 ° c :: A+ ∆2 ° d :: B - > γ
∆1, ∆2 ° c ; d :: A+ → B - > γ
∆ ° d :: A- > γ
∆ ° fst; d :: A-NB - > γ
∆ ° d :: B - > γ
∆ ° snd; d :: A-NB - > γ
52
Right Focus, Left Inversion
α ::= X+ | C- γ ::= X- | C+
∆ ::= · | ∆, x : α Γ ::= · | Γ, ∆
Γ ⊢ v+ :: C +∆ ° c :: C + Γ ⊢ σ : ∆
Γ ⊢ c [σ] :: C +
Γ ⊢ k+ : γ0 > γ
Γ ⊢ ǫ : X- > X -∀(∆ ° c :: C +) : Γ, ∆ ⊢ φ+(c) : γ
Γ ⊢ cont+(φ+) : C+ > γ
53
Right Inversion, Left Focus
Γ ⊢ v - : α
∀(∆ ° d :: C - > γ) : Γ, ∆ ⊢ φ-(d) : γ
Γ ⊢ val-(φ-) : C -x :X + ∈ ΓΓ ⊢ x : X +
Γ ⊢ k - :: C- > γ
∆ ° d :: C - > γ0 Γ ⊢ σ : ∆ Γ ⊢ k+ : γ0 > γ
Γ ⊢ d [σ]; k+ :: C- > γ
54
Neutral, Substitution
Γ ⊢ e : γ
Γ ⊢ v+ :: C +
Γ ⊢ v+ : C +x :C - ∈ Γ Γ ⊢ k - :: C- > γ
Γ ⊢ x • k - : γ
Γ ⊢ σ : ∆
Γ ⊢ · : ·Γ ⊢ σ : ∆ Γ ⊢ v - : C -
Γ ⊢ σ, v -/x : ∆, x :C -
55
Cut
Γ ⊢ v - : C - Γ ⊢ k - :: C- > γ
Γ ⊢ v - • k - : γ
Γ ⊢ v+ :: C + Γ ⊢ k+ : C+ > γ
Γ ⊢ v+ • k+ : γ
Γ ⊢ e : γ0 Γ ⊢ k+ : γ0 > γ
Γ ⊢ e ; k+ : γ
Γ ⊢ k - :: C- > γ0 Γ ⊢ k+ : γ0 > γ
Γ ⊢ k - ; k+ :: C- > γ
Γ ⊢ k+1
: γ0 > γ1 Γ ⊢ k+2
: γ1 > γ
Γ ⊢ k+1
; k+2
: γ0 > γ
56
Operational Semantics (Positive Cut)
φ+(c) defined
c [σ] • cont+(φ+) →֒ φ+(c) [σ]
v+ • (k+1
; k+2) →֒ (v+ • k+
1) ; k+
2
v+ • ǫ →֒ v+
59
Operational Semantics (Negative Cut)
φ-(d) defined
val-(φ-) • (d [σ]; k+) →֒ (φ-(d) [σ]) ; k+
v - • (k - ; k+) →֒ (v - • k -) ; k+
fix(x .v -) • k - →֒ v - [fix(x .v -)/x ] • k -
60
Contextual Formula
Pos. formula A+ ::= X+ | ↓A-
| 1 | A+ ⊗ B+ | 0 | A+ ⊕ B+
| P | R ⇒ A+ | @A+
Rule R ::= P ⇐ A+1⇐ . . . ⇐ A+
n
Neg. formula A- ::= X- | ↑A+ | A+ → B -
| ⊤ | A-NB - | ν X -.A-
| R f B - | ⋄A-
Rule Context Ψ ::= · | Ψ, u :R
CPF C+ ::= 〈Ψ〉A+
CNF C- ::= 〈Ψ〉A-
63
Constructor Patterns
x :X + ; Ψ ° x :: X+ x : 〈Ψ〉A- ; Ψ ° x :: ↓A-
· ; Ψ ° () :: 1
∆1 ; Ψ ° p1 :: A+ ∆2 ; Ψ ° p2 :: B+
∆1, ∆2 ; Ψ ° (p1 , p2 ) :: A+ ⊗ B+
(no rule for 0)
∆ ; Ψ ° p :: A+
∆ ; Ψ ° inl p :: A+ ⊕ B+∆ ; Ψ ° p :: B+
∆ ; Ψ ° inr p :: A+ ⊕ B+
64
Constructor Patterns (Definitional Types)
u : P ⇐ A+1⇐ . . . ⇐ A+
n ∈ (Σ, Ψ)∆1 ; Ψ ° p1 :: A+
1. . . ∆n ; Ψ ° pn :: A+
n
∆1, . . . , ∆n ; Ψ ° u p1 . . . pn :: P
∆ ; Ψ, u :R ° p :: B+
∆ ; Ψ ° λ u. p :: R ⇒ B+∆ ; · ° p :: A+
∆ ; Ψ ° box p :: @A+
65
Destructor Patterns
· ; Ψ ° ǫ :: X- > X- · ; Ψ ° ǫ :: ↑A+ > 〈Ψ〉A+
∆1 ; Ψ ° p :: A+ ∆2 ; Ψ ° n :: B- > γ
∆1, ∆2 ; Ψ ° p ; n :: A+ → B - > γ
∆ ; Ψ ° n :: A- > γ
∆ ; Ψ ° fst; n :: A-NB - > γ
∆ ; Ψ ° n :: B- > γ
∆ ; Ψ ° snd; n :: A-NB - > γ
(no rule for ⊤)∆ ; Ψ ° n :: [ν X -.A-/X -]A- > γ
∆ ; Ψ ° out; n :: ν X -.A- > γ
66
Destructor Patterns (Definitional)
∆ ; Ψ, u :R ° n :: B- > γ
∆ ; Ψ ° unpack; u.n :: R f B - > γ
∆ ; · ° n :: A- > γ
∆ ; Ψ ° undia; n :: ⋄A- > γ
67
Contextual Patterns
c ::= Ψ.p
d ::= Ψ.n
∆ ° c :: 〈Ψ〉A+ and ∆ ° d :: 〈Ψ〉A+ > γ
∆ ; Ψ ° p :: A+
∆ ° Ψ.p :: 〈Ψ〉A+
∆ ; Ψ ° n :: A- > γ
∆ ° Ψ.n :: 〈Ψ〉A- > γ
68
Shocking Equalities
Proposition 1 (“Shocking” equalities).
1. R ⇒ (A+ ⊕ B +) ≈ (R ⇒ A+) ⊕ (R ⇒ B +)
(cf. ∀x.(A ⊕ B) ≈ (∀x .A) ⊕ (∀x .B))
2. (R f A-)N(R f B -) ≈ R f (A-NB -)
(cf. (∃x .A)N(∃x .B) ≈ ∃x.(ANB))
Proposition 2 (Some/any).
1. ↓(R f A-) ≈ R ⇒ ↓A-
2. ↑(R ⇒ A+) ≈ R f ↑A+
70
Example
Define
and* (true , true ) = true[·]and* (true , false) = false[·]and* (false , true ) = false[·]and* (false , false) = false[·]
Then · ⊢ cont+(and*) : (bool ⊗ bool) > bool
72
Example
e ::= num[k] | e1 ⊙f e2 | let x = e1 in e2
Represent with a datatype ari:
zero : nat, succ : nat ⇐ nat,
num : ari ⇐ nat
binop : ari ⇐ ari⇐ (nat ⊗ nat → nat)⇐ ari
let : ari ⇐ ari⇐ (ari ⇒ ari)
73
Example
Evaluator:
· ⊢ fix(ev .ev∗) : 〈Ψari〉 (ari → nat)
STS:
∀(∆ ° p :: 〈Ψari〉 ari).
(ev : 〈Ψari〉 ari → nat, ∆) ⊢ (ev∗ p) : 〈Ψari〉 nat
74
Example
∀(∆ ° p :: 〈Ψari〉 ari).
(ev : 〈Ψari〉 ari → nat, ∆) ⊢ (ev∗ p) : 〈Ψari〉 nat
ev∗ (num p) 7→ p
ev∗ (binop p1 f p2 ) 7→ f (ev p1 ) (ev p2 )
ev∗ (let p0 (λ u. p)) 7→ ev (apply (λ u. p, p0 ))
apply : 〈Ψari〉 (ari ⇒ ari) → (ari → ↑ari)
. . .75